package gnu.java.security.x509;
import java.io.InputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.HashMap;
import java.util.Set;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Principal;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CRLException;
import java.security.cert.X509CRLEntry;
import javax.security.auth.x500.X500Principal;
import gnu.java.io.ASN1ParsingException;
import gnu.java.security.OID;
import gnu.java.security.der.BitString;
import gnu.java.security.der.DER;
import gnu.java.security.der.DERReader;
import gnu.java.security.der.DERValue;
import gnu.java.security.der.DERWriter;
public class X509CRL extends java.security.cert.X509CRL
{
private static final OID ID_DSA = new OID("1.2.840.10040.4.1");
private static final OID ID_DSA_WITH_SHA1 = new OID("1.2.840.10040.4.3");
private static final OID ID_RSA = new OID("1.2.840.113549.1.1.1");
private static final OID ID_RSA_WITH_MD2 = new OID("1.2.840.113549.1.1.2");
private static final OID ID_RSA_WITH_MD5 = new OID("1.2.840.113549.1.1.4");
private static final OID ID_RSA_WITH_SHA1 = new OID("1.2.840.113549.1.1.5");
private byte[] encoded;
private byte[] tbsCRLBytes;
private int version;
private OID algId;
private byte[] algParams;
private Date thisUpdate;
private Date nextUpdate;
private X500Principal issuerDN;
private HashMap revokedCerts;
private HashMap extensions;
private HashSet critOids;
private HashSet nonCritOids;
private OID sigAlg;
private byte[] sigAlgParams;
private byte[] rawSig;
private byte[] signature;
public X509CRL(InputStream encoded) throws CRLException, IOException
{
super();
revokedCerts = new HashMap();
extensions = new HashMap();
critOids = new HashSet();
nonCritOids = new HashSet();
try
{
parse(encoded);
}
catch (IOException ioe)
{
ioe.printStackTrace();
throw ioe;
}
catch (Exception x)
{
x.printStackTrace();
throw new CRLException(x.toString());
}
}
public boolean equals(Object o)
{
return ((X509CRL) o).revokedCerts.equals(revokedCerts);
}
public int hashCode()
{
return revokedCerts.hashCode();
}
public byte[] getEncoded() throws CRLException
{
return (byte[]) encoded.clone();
}
public void verify(PublicKey key)
throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
NoSuchProviderException, SignatureException
{
Signature sig = Signature.getInstance(sigAlg.toString());
doVerify(sig, key);
}
public void verify(PublicKey key, String provider)
throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
NoSuchProviderException, SignatureException
{
Signature sig = Signature.getInstance(sigAlg.toString(), provider);
doVerify(sig, key);
}
public int getVersion()
{
return version;
}
public Principal getIssuerDN()
{
return issuerDN;
}
public X500Principal getIssuerX500Principal()
{
return issuerDN;
}
public Date getThisUpdate()
{
return (Date) thisUpdate.clone();
}
public Date getNextUpdate()
{
if (nextUpdate != null)
return (Date) nextUpdate.clone();
return null;
}
public X509CRLEntry getRevokedCertificate(BigInteger serialNo)
{
return (X509CRLEntry) revokedCerts.get(serialNo);
}
public Set getRevokedCertificates()
{
return Collections.unmodifiableSet(new HashSet(revokedCerts.values()));
}
public byte[] getTBSCertList() throws CRLException
{
return (byte[]) tbsCRLBytes.clone();
}
public byte[] getSignature()
{
return (byte[]) rawSig.clone();
}
public String getSigAlgName()
{
if (sigAlg.equals(ID_DSA_WITH_SHA1))
return "SHA1withDSA";
if (sigAlg.equals(ID_RSA_WITH_MD2))
return "MD2withRSA";
if (sigAlg.equals(ID_RSA_WITH_MD5))
return "MD5withRSA";
if (sigAlg.equals(ID_RSA_WITH_SHA1))
return "SHA1withRSA";
return "unknown";
}
public String getSigAlgOID()
{
return sigAlg.toString();
}
public byte[] getSigAlgParams()
{
if (sigAlgParams != null)
return (byte[]) sigAlgParams.clone();
return null;
}
public boolean hasUnsupportedCriticalExtension()
{
return false; }
public Set getCriticalExtensionOIDs()
{
return Collections.unmodifiableSet(critOids);
}
public Set getNonCriticalExtensionOIDs()
{
return Collections.unmodifiableSet(nonCritOids);
}
public byte[] getExtensionValue(String oid)
{
byte[] ext = (byte[]) extensions.get(oid);
if (ext != null)
return (byte[]) ext.clone();
return null;
}
public String toString()
{
return gnu.java.security.x509.X509CRL.class.getName();
}
public boolean isRevoked(Certificate cert)
{
if (!(cert instanceof java.security.cert.X509Certificate))
throw new IllegalArgumentException("not a X.509 certificate");
BigInteger certSerial =
((java.security.cert.X509Certificate) cert).getSerialNumber();
X509CRLEntry ent = (X509CRLEntry) revokedCerts.get(certSerial);
if (ent == null)
return false;
return ent.getRevocationDate().compareTo(new Date()) < 0;
}
private void doVerify(Signature sig, PublicKey key)
throws CRLException, InvalidKeyException, SignatureException
{
sig.initVerify(key);
sig.update(tbsCRLBytes);
if (!sig.verify(signature))
throw new CRLException("signature not verified");
}
private void parse(InputStream in) throws Exception
{
DERReader der = new DERReader(in);
DERValue val = der.read();
if (!val.isConstructed())
throw new ASN1ParsingException("malformed CertificateList");
encoded = val.getEncoded();
val = der.read();
if (!val.isConstructed())
throw new ASN1ParsingException("malformed TBSCertList");
tbsCRLBytes = val.getEncoded();
val = der.read();
if (val.getValue() instanceof BigInteger)
{
version = ((BigInteger) val.getValue()).intValue() + 1;
val = der.read();
}
else
version = 1;
if (!val.isConstructed())
throw new ASN1ParsingException("malformed AlgorithmIdentifier");
DERValue algIdVal = der.read();
algId = (OID) algIdVal.getValue();
if (val.getLength() > algIdVal.getEncodedLength())
{
val = der.read();
algParams = val.getEncoded();
if (val.isConstructed())
in.skip(val.getLength());
}
issuerDN = new X500Principal(in);
thisUpdate = (Date) der.read().getValue();
val = der.read();
if (val.getValue() instanceof Date)
{
nextUpdate = (Date) val.getValue();
val = der.read();
}
if (val.getTag() != 0)
{
int len = 0;
while (len < val.getLength())
{
X509CRLEntry entry =
new gnu.java.security.x509.X509CRLEntry(version, in);
revokedCerts.put(entry.getSerialNumber(), entry);
len += entry.getEncoded().length;
}
}
if (version >= 2 && val.getTagClass() != DER.UNIVERSAL && val.getTag() == 0)
{
val = der.read();
int len = 0;
while (len < val.getLength())
{
DERValue ext = der.read();
OID extId = (OID) der.read().getValue();
DERValue val2 = der.read();
Boolean crit = Boolean.valueOf(false);
if (val2.getValue() instanceof Boolean)
{
crit = (Boolean) val2.getValue();
val2 = der.read();
}
byte[] extVal = (byte[]) val2.getValue();
extensions.put(extId.toString(), extVal);
if (crit.booleanValue())
critOids.add(extId.toString());
else
nonCritOids.add(extId.toString());
len += ext.getEncodedLength();
}
}
val = der.read();
if (!val.isConstructed())
throw new ASN1ParsingException("malformed AlgorithmIdentifier");
DERValue sigAlgVal = der.read();
sigAlg = (OID) sigAlgVal.getValue();
if (val.getLength() > sigAlgVal.getEncodedLength())
{
val = der.read();
sigAlgParams = (byte[]) val.getEncoded();
if (val.isConstructed())
in.skip(val.getLength());
}
val = der.read();
rawSig = val.getEncoded();
signature = ((BitString) val.getValue()).toByteArray();
}
}